[SETUP] - Using Unix Users and Groups for Trac Authentication
- From: "Christopher Ness" <chris (at) nesser.org>
- Date: Tue, 21 Feb 2006 13:30:02 -0500 (EST)
On Tue, February 21, 2006 5:26 am, Manuzhai said:
>> AFAIK Linux used md5-hashes.
>
> Doesn't look like it from my /etc/shadow, it contains all kinds of
> punctuation marks (!, $) that aren't there in your typical md5-hash.
I have been able to use /etc/shadow hashes on Fedora for ACL's with
subversion repositories. I think Apache is doing the authentication so
therefore Trac should also be able to use them.
Have you tried it Manuzhai? Of course that's a huge security risk
exposing your user accounts over your web server. A dictionary attack
becomes possible linked to your user accounts.
/etc/shadow is `chmod 400` for a reason.
Cheers,
Chris
--
http://www.nesser.org
_______________________________________________
Trac mailing list
Trac (at) lists.edgewall.com
http://lists.edgewall.com/mailman/listinfo/trac